CVE-2002-1335

EPSS 1.4%

w3m - missing HTML quoting

發布日:2002/12/11修改日:2026/4/28

也稱為:DEBIAN-CVE-2002-1335

描述

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

受影響套件(3)

Debian/w3mfrom 0, < 0.3.2.2-1
Debian/w3mfrom 0, < 0.3-2.4
Debian/w3mmeefrom 0, < 0.3-2.4

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2002-1335